@bryan-thompson/inspector-assessment 1.0.0 → 1.1.0

package/README.md

@@ -1,5 +1,8 @@
 # MCP Inspector Assessment
 
+[![npm version](https://badge.fury.io/js/@bryan-thompson%2Finspector-assessment.svg)](https://www.npmjs.com/package/@bryan-thompson/inspector-assessment)
+[![npm downloads](https://img.shields.io/npm/dm/@bryan-thompson/inspector-assessment.svg)](https://www.npmjs.com/package/@bryan-thompson/inspector-assessment)
+
 The MCP inspector is a developer tool for testing and debugging MCP servers with comprehensive assessment capabilities for validating server functionality, security, documentation, and compliance.
 
 ![MCP Inspector Screenshot](./mcp-inspector.png)
@@ -42,6 +45,18 @@ bunx @bryan-thompson/inspector-assessment
 
 The web interface will open at http://localhost:6274
 
+## For MCP Directory Reviewers
+
+If you're reviewing MCP servers for the Anthropic MCP Directory, see our **[Reviewer Quick Start Guide](docs/REVIEWER_QUICK_START.md)** for:
+
+- **60-second fast screening** workflow for approve/reject decisions
+- **5-minute detailed review** process for borderline cases
+- **Common pitfalls** explanation (false positives in security, informational vs scored tests)
+- **Decision matrix** with clear approval criteria
+- **Fast CLI analysis** commands for troubleshooting
+
+The quick start guide is optimized for fast reviewer onboarding and provides clear guidance on interpreting assessment results.
+
 ## About This Fork
 
 This is an enhanced fork of [Anthropic's MCP Inspector](https://github.com/modelcontextprotocol/inspector) with significantly expanded assessment capabilities for MCP server validation and testing.
@@ -49,6 +64,8 @@ This is an enhanced fork of [Anthropic's MCP Inspector](https://github.com/model
 **Original Repository**: https://github.com/modelcontextprotocol/inspector
 **Our Enhanced Fork**: https://github.com/triepod-ai/inspector-assessment
 
+**⚠️ Important**: This is a published fork with assessment enhancements. If you want the official Anthropic inspector without assessment features, use `npx @modelcontextprotocol/inspector`.
+
 ### What We Added
 
 We've built a comprehensive assessment framework on top of the original inspector that transforms it from a debugging tool into a full validation suite for MCP servers. Our enhancements focus on accuracy, depth, and actionable insights for MCP server developers.
@@ -65,13 +82,14 @@ We've built a comprehensive assessment framework on top of the original inspecto
 
 Our enhanced fork maintains high code quality standards with comprehensive testing and validation:
 
-- **Test Coverage**: ✅ 464 tests passing (100% pass rate)
+- **Test Coverage**: ✅ 582/582 tests passing (100% pass rate)
   - **Assessment Module Tests**: 208 tests specifically validating our assessment enhancements
     - Business logic error detection with confidence scoring
     - Progressive complexity testing (2 levels: minimal → simple)
     - Context-aware security testing with zero false positives
     - Realistic test data generation and boundary testing
-  - **Total Project Tests**: 464 tests including assessment modules, UI components, and core inspector functionality
+  - **Total Project Tests**: 582 tests including assessment modules, UI components, and core inspector functionality
+  - All tests updated to reflect comprehensive mode (18 security patterns × 3 payloads per tool)
   - Test files: `client/src/services/__tests__/` and `client/src/services/assessment/__tests__/`
 - **Code Quality**: ✅ Production code uses proper TypeScript types
   - 229 lint issues remaining (down 18% from 280 after recent cleanup)
@@ -88,7 +106,7 @@ Our enhanced fork maintains high code quality standards with comprehensive testi
 **Testing Commands**:
 
 ```bash
-npm test                         # Run all 464 tests
+npm test                         # Run all 582 tests
 npm test -- assessment           # Run all 208 assessment module tests
 npm test -- assessmentService    # Run assessment service integration tests (54 tests)
 npm test -- SecurityAssessor     # Run security assessment tests (16 tests)
@@ -417,7 +435,7 @@ Our assessment capabilities are backed by a comprehensive test suite that valida
 
 **Test Coverage Summary**:
 
-- **464 passing tests** across all project modules (100% pass rate)
+- **582 passing tests** across all project modules (100% pass rate)
 - **208 assessment module tests** specifically created for validation of our enhancements
 
 #### Assessment Module Test Breakdown
@@ -472,14 +490,15 @@ These 208 tests specifically validate:
 - **Optimization Tests**: Boundary scenario conditional generation, progressive complexity efficiency
 - **Test Files**: Located in `client/src/services/__tests__/` and `client/src/services/assessment/__tests__/`
 - **Recent Improvements**:
-  - Achieved 100% test pass rate (464 passing, 0 failing) - 2025-10-05
+  - Achieved 100% test pass rate (582 passing, 0 failing) - 2025-10-11
+  - Updated all tests for comprehensive mode (18 security patterns × 3 payloads) - 2025-10-11
   - Fixed all failing tests after upstream sync - 2025-10-04
   - Added boundary testing optimization validation - 2025-10-05
 
 **Running the Test Suite**:
 
 ```bash
-npm test                                 # Run all 464 tests
+npm test                                 # Run all 582 tests
 npm test -- assessmentService            # Run main assessment tests
 npm test -- FunctionalityAssessor        # Run specific assessor tests
 npm test -- SecurityAssessor             # Run security tests
@@ -503,13 +522,15 @@ Programmatically run assessments using the CLI:
 
 ```bash
 # Run full assessment
-npx @modelcontextprotocol/inspector --cli node build/index.js --assess
+mcp-inspector-assess-cli node build/index.js --assess
+# or with npx
+npx @bryan-thompson/inspector-assessment-cli node build/index.js --assess
 
 # Run specific category
-npx @modelcontextprotocol/inspector --cli node build/index.js --assess functionality
+mcp-inspector-assess-cli node build/index.js --assess functionality
 
 # Export assessment results
-npx @modelcontextprotocol/inspector --cli node build/index.js --assess --output assessment-report.json
+mcp-inspector-assess-cli node build/index.js --assess --output assessment-report.json
 ```
 
 ## Running the Inspector
@@ -523,14 +544,16 @@ npx @modelcontextprotocol/inspector --cli node build/index.js --assess --output
 To get up and running right away with the UI, just execute the following:
 
 ```bash
-npx @modelcontextprotocol/inspector
+bunx @bryan-thompson/inspector-assessment
+# or with npx
+npx @bryan-thompson/inspector-assessment
 ```
 
 The server will start up and the UI will be accessible at `http://localhost:6274`.
 
 ### Docker Container
 
-You can also start it in a Docker container with the following command:
+**Note**: Docker container is not yet available for `@bryan-thompson/inspector-assessment`. The Docker image below is for the upstream inspector only (without assessment features):
 
 ```bash
 docker run --rm --network host -p 6274:6274 -p 6277:6277 ghcr.io/modelcontextprotocol/inspector:latest
@@ -538,32 +561,34 @@ docker run --rm --network host -p 6274:6274 -p 6277:6277 ghcr.io/modelcontextpro
 
 ### From an MCP server repository
 
-To inspect an MCP server implementation, there's no need to clone this repo. Instead, use `npx`. For example, if your server is built at `build/index.js`:
+To inspect an MCP server implementation, there's no need to clone this repo. Instead, use `bunx` or `npx`. For example, if your server is built at `build/index.js`:
 
 ```bash
-npx @modelcontextprotocol/inspector node build/index.js
+bunx @bryan-thompson/inspector-assessment node build/index.js
+# or with npx
+npx @bryan-thompson/inspector-assessment node build/index.js
 ```
 
 You can pass both arguments and environment variables to your MCP server. Arguments are passed directly to your server, while environment variables can be set using the `-e` flag:
 
 ```bash
 # Pass arguments only
-npx @modelcontextprotocol/inspector node build/index.js arg1 arg2
+bunx @bryan-thompson/inspector-assessment node build/index.js arg1 arg2
 
 # Pass environment variables only
-npx @modelcontextprotocol/inspector -e key=value -e key2=$VALUE2 node build/index.js
+bunx @bryan-thompson/inspector-assessment -e key=value -e key2=$VALUE2 node build/index.js
 
 # Pass both environment variables and arguments
-npx @modelcontextprotocol/inspector -e key=value -e key2=$VALUE2 node build/index.js arg1 arg2
+bunx @bryan-thompson/inspector-assessment -e key=value -e key2=$VALUE2 node build/index.js arg1 arg2
 
 # Use -- to separate inspector flags from server arguments
-npx @modelcontextprotocol/inspector -e key=$VALUE -- node build/index.js -e server-flag
+bunx @bryan-thompson/inspector-assessment -e key=$VALUE -- node build/index.js -e server-flag
 ```
 
 The inspector runs both an MCP Inspector (MCPI) client UI (default port 6274) and an MCP Proxy (MCPP) server (default port 6277). Open the MCPI client UI in your browser to use the inspector. (These ports are derived from the T9 dialpad mapping of MCPI and MCPP respectively, as a mnemonic). You can customize the ports if needed:
 
 ```bash
-CLIENT_PORT=8080 SERVER_PORT=9000 npx @modelcontextprotocol/inspector node build/index.js
+CLIENT_PORT=8080 SERVER_PORT=9000 bunx @bryan-thompson/inspector-assessment node build/index.js
 ```
 
 For more details on ways to use the inspector, see the [Inspector section of the MCP docs site](https://modelcontextprotocol.io/docs/tools/inspector). For help with debugging, see the [Debugging guide](https://modelcontextprotocol.io/docs/tools/debugging).
@@ -748,7 +773,7 @@ These settings can be adjusted in real-time through the UI and will persist acro
 The inspector also supports configuration files to store settings for different MCP servers. This is useful when working with multiple servers or complex configurations:
 
 ```bash
-npx @modelcontextprotocol/inspector --config path/to/config.json --server everything
+bunx @bryan-thompson/inspector-assessment --config path/to/config.json --server everything
 ```
 
 Example server configuration file:
@@ -827,7 +852,7 @@ You can launch the inspector without specifying a server name if your config has
 
 ```bash
 # Automatically uses "my-server" if it's the only one
-npx @modelcontextprotocol/inspector --config mcp.json
+bunx @bryan-thompson/inspector-assessment --config mcp.json
 ```
 
 2. **A server named "default-server"** - automatically selected:
@@ -900,47 +925,47 @@ npm start
 CLI mode enables programmatic interaction with MCP servers from the command line, ideal for scripting, automation, and integration with coding assistants. This creates an efficient feedback loop for MCP server development.
 
 ```bash
-npx @modelcontextprotocol/inspector --cli node build/index.js
+mcp-inspector-assess-cli node build/index.js
 ```
 
 The CLI mode supports most operations across tools, resources, and prompts. A few examples:
 
 ```bash
 # Basic usage
-npx @modelcontextprotocol/inspector --cli node build/index.js
+mcp-inspector-assess-cli node build/index.js
 
 # With config file
-npx @modelcontextprotocol/inspector --cli --config path/to/config.json --server myserver
+mcp-inspector-assess-cli --config path/to/config.json --server myserver
 
 # List available tools
-npx @modelcontextprotocol/inspector --cli node build/index.js --method tools/list
+mcp-inspector-assess-cli node build/index.js --method tools/list
 
 # Call a specific tool
-npx @modelcontextprotocol/inspector --cli node build/index.js --method tools/call --tool-name mytool --tool-arg key=value --tool-arg another=value2
+mcp-inspector-assess-cli node build/index.js --method tools/call --tool-name mytool --tool-arg key=value --tool-arg another=value2
 
 # Call a tool with JSON arguments
-npx @modelcontextprotocol/inspector --cli node build/index.js --method tools/call --tool-name mytool --tool-arg 'options={"format": "json", "max_tokens": 100}'
+mcp-inspector-assess-cli node build/index.js --method tools/call --tool-name mytool --tool-arg 'options={"format": "json", "max_tokens": 100}'
 
 # List available resources
-npx @modelcontextprotocol/inspector --cli node build/index.js --method resources/list
+mcp-inspector-assess-cli node build/index.js --method resources/list
 
 # List available prompts
-npx @modelcontextprotocol/inspector --cli node build/index.js --method prompts/list
+mcp-inspector-assess-cli node build/index.js --method prompts/list
 
 # Connect to a remote MCP server (default is SSE transport)
-npx @modelcontextprotocol/inspector --cli https://my-mcp-server.example.com
+mcp-inspector-assess-cli https://my-mcp-server.example.com
 
 # Connect to a remote MCP server (with Streamable HTTP transport)
-npx @modelcontextprotocol/inspector --cli https://my-mcp-server.example.com --transport http --method tools/list
+mcp-inspector-assess-cli https://my-mcp-server.example.com --transport http --method tools/list
 
 # Connect to a remote MCP server (with custom headers)
-npx @modelcontextprotocol/inspector --cli https://my-mcp-server.example.com --transport http --method tools/list --header "X-API-Key: your-api-key"
+mcp-inspector-assess-cli https://my-mcp-server.example.com --transport http --method tools/list --header "X-API-Key: your-api-key"
 
 # Call a tool on a remote server
-npx @modelcontextprotocol/inspector --cli https://my-mcp-server.example.com --method tools/call --tool-name remotetool --tool-arg param=value
+mcp-inspector-assess-cli https://my-mcp-server.example.com --method tools/call --tool-name remotetool --tool-arg param=value
 
 # List resources from a remote server
-npx @modelcontextprotocol/inspector --cli https://my-mcp-server.example.com --method resources/list
+mcp-inspector-assess-cli https://my-mcp-server.example.com --method resources/list
 ```
 
 ### UI Mode vs CLI Mode: When to Use Each
@@ -1037,6 +1062,16 @@ Please submit issues and pull requests to our repository: https://github.com/tri
 
 This project builds upon the excellent foundation provided by Anthropic's MCP Inspector team. We're grateful for their work on the original inspector and the MCP protocol specification.
 
+## Links
+
+- **npm Package**: https://www.npmjs.com/package/@bryan-thompson/inspector-assessment
+- **GitHub Repository**: https://github.com/triepod-ai/inspector-assessment
+- **Original MCP Inspector**: https://github.com/modelcontextprotocol/inspector
+- **Issues & Bug Reports**: https://github.com/triepod-ai/inspector-assessment/issues
+- **MCP Documentation**: https://modelcontextprotocol.io
+- **Publishing Guide**: [PUBLISHING_GUIDE.md](PUBLISHING_GUIDE.md)
+- **Changelog**: [CHANGELOG.md](CHANGELOG.md)
+
 ## License
 
 This project is licensed under the MIT License—see the [LICENSE](LICENSE) file for details.

package/client/dist/assets/{OAuthCallback-CLEJW5KO.js → OAuthCallback-aV2t2Zmo.js}

@@ -1,4 +1,4 @@
-import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-EfKh2svk.js";
+import { u as useToast, r as reactExports, j as jsxRuntimeExports, p as parseOAuthCallbackParams, g as generateOAuthErrorDescription, S as SESSION_KEYS, I as InspectorOAuthClientProvider, a as auth } from "./index-DrU0QB6A.js";
 const OAuthCallback = ({ onConnect }) => {
   const { toast } = useToast();
   const hasProcessedRef = reactExports.useRef(false);

package/client/dist/assets/{OAuthDebugCallback-B154gAVm.js → OAuthDebugCallback-Ca01948b.js}

@@ -1,4 +1,4 @@
-import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-EfKh2svk.js";
+import { r as reactExports, S as SESSION_KEYS, p as parseOAuthCallbackParams, j as jsxRuntimeExports, g as generateOAuthErrorDescription } from "./index-DrU0QB6A.js";
 const OAuthDebugCallback = ({ onConnect }) => {
   reactExports.useEffect(() => {
     let isProcessed = false;

package/client/dist/assets/{index-EfKh2svk.js → index-DrU0QB6A.js}

@@ -16205,7 +16205,7 @@ objectType({
   token_type_hint: stringType().optional()
 }).strip();
 const name = "@bryan-thompson/inspector-assessment-client";
-const version$1 = "1.0.0";
+const version$1 = "1.1.0";
 const packageJson = {
   name,
   version: version$1
@@ -41736,7 +41736,7 @@ const useTheme = () => {
     [theme, setThemeWithSideEffect]
   );
 };
-const version = "1.0.0";
+const version = "1.1.0";
 var [createTooltipContext] = createContextScope("Tooltip", [
   createPopperScope
 ]);
@@ -44133,6 +44133,8 @@ const ToolsTab = ({
 const DEFAULT_ASSESSMENT_CONFIG = {
   testTimeout: 3e4,
   // 30 seconds per tool
+  delayBetweenTests: 0,
+  // No delay by default
   skipBrokenTools: false,
   reviewerMode: false,
   enableExtendedAssessment: true,
@@ -44158,6 +44160,8 @@ const DEFAULT_ASSESSMENT_CONFIG = {
 const REVIEWER_MODE_CONFIG = {
   testTimeout: 1e4,
   // 10 seconds per tool (faster)
+  delayBetweenTests: 100,
+  // Small delay for rate limiting
   skipBrokenTools: true,
   // Skip broken tools to save time
   reviewerMode: true,
@@ -44188,6 +44192,8 @@ const REVIEWER_MODE_CONFIG = {
 const DEVELOPER_MODE_CONFIG = {
   testTimeout: 3e4,
   // 30 seconds per tool
+  delayBetweenTests: 500,
+  // Moderate delay for thorough testing
   skipBrokenTools: false,
   reviewerMode: false,
   enableExtendedAssessment: true,
@@ -44783,6 +44789,9 @@ class ErrorHandlingAssessor extends BaseAssessor {
       );
       testDetails.push(...toolTests);
       passedTests += toolTests.filter((t) => t.passed).length;
+      if (this.config.delayBetweenTests && this.config.delayBetweenTests > 0) {
+        await this.sleep(this.config.delayBetweenTests);
+      }
     }
     this.testCount = testDetails.length;
     const metrics = this.calculateMetrics(testDetails, passedTests);
@@ -44837,7 +44846,7 @@ class ErrorHandlingAssessor extends BaseAssessor {
     return tests;
   }
   async testMissingParameters(tool, callTool) {
-    var _a;
+    var _a, _b, _c;
     const testInput = {};
     const schema = this.getToolSchema(tool);
     const hasRequiredParams = (schema == null ? void 0 : schema.required) && Array.isArray(schema.required) && schema.required.length > 0;
@@ -44883,9 +44892,9 @@ class ErrorHandlingAssessor extends BaseAssessor {
         reason: isError ? void 0 : "Tool did not reject missing parameters"
       };
     } catch (error) {
-      const errorMessage = this.extractErrorMessage(error);
-      const messageLower = (errorMessage == null ? void 0 : errorMessage.toLowerCase()) ?? "";
-      const isMeaningfulError = messageLower.includes("required") || messageLower.includes("missing") || messageLower.includes("parameter") || messageLower.includes("must") || messageLower.includes("invalid") || messageLower.includes("validation") || (errorMessage == null ? void 0 : errorMessage.length) > 20;
+      const errorInfo = this.extractErrorInfo(error);
+      const messageLower = ((_b = errorInfo.message) == null ? void 0 : _b.toLowerCase()) ?? "";
+      const isMeaningfulError = messageLower.includes("required") || messageLower.includes("missing") || messageLower.includes("parameter") || messageLower.includes("must") || messageLower.includes("invalid") || messageLower.includes("validation") || (((_c = errorInfo.message) == null ? void 0 : _c.length) ?? 0) > 20;
       return {
         toolName: tool.name,
         testType: "missing_required",
@@ -44893,7 +44902,8 @@ class ErrorHandlingAssessor extends BaseAssessor {
         expectedError: "Missing required parameters",
         actualResponse: {
           isError: true,
-          errorMessage,
+          errorCode: errorInfo.code,
+          errorMessage: errorInfo.message,
           rawResponse: error
         },
         passed: isMeaningfulError,
@@ -44902,7 +44912,7 @@ class ErrorHandlingAssessor extends BaseAssessor {
     }
   }
   async testWrongTypes(tool, callTool) {
-    var _a;
+    var _a, _b, _c;
     const schema = this.getToolSchema(tool);
     const testInput = this.generateWrongTypeParams(schema);
     try {
@@ -44932,9 +44942,9 @@ class ErrorHandlingAssessor extends BaseAssessor {
         reason: isError ? void 0 : "Tool accepted wrong parameter types"
       };
     } catch (error) {
-      const errorMessage = this.extractErrorMessage(error);
-      const messageLower = (errorMessage == null ? void 0 : errorMessage.toLowerCase()) ?? "";
-      const isMeaningfulError = messageLower.includes("type") || messageLower.includes("invalid") || messageLower.includes("expected") || messageLower.includes("must be") || messageLower.includes("validation") || messageLower.includes("string") || messageLower.includes("number") || (errorMessage == null ? void 0 : errorMessage.length) > 20;
+      const errorInfo = this.extractErrorInfo(error);
+      const messageLower = ((_b = errorInfo.message) == null ? void 0 : _b.toLowerCase()) ?? "";
+      const isMeaningfulError = messageLower.includes("type") || messageLower.includes("invalid") || messageLower.includes("expected") || messageLower.includes("must be") || messageLower.includes("validation") || messageLower.includes("string") || messageLower.includes("number") || (((_c = errorInfo.message) == null ? void 0 : _c.length) ?? 0) > 20;
       return {
         toolName: tool.name,
         testType: "wrong_type",
@@ -44942,7 +44952,8 @@ class ErrorHandlingAssessor extends BaseAssessor {
         expectedError: "Type validation error",
         actualResponse: {
           isError: true,
-          errorMessage,
+          errorCode: errorInfo.code,
+          errorMessage: errorInfo.message,
           rawResponse: error
         },
         passed: isMeaningfulError,
@@ -44951,6 +44962,7 @@ class ErrorHandlingAssessor extends BaseAssessor {
     }
   }
   async testInvalidValues(tool, callTool) {
+    var _a, _b;
     const schema = this.getToolSchema(tool);
     const testInput = this.generateInvalidValueParams(schema);
     try {
@@ -44975,9 +44987,9 @@ class ErrorHandlingAssessor extends BaseAssessor {
         reason: isError ? void 0 : "Tool accepted invalid values"
       };
     } catch (error) {
-      const errorMessage = this.extractErrorMessage(error);
-      const messageLower = (errorMessage == null ? void 0 : errorMessage.toLowerCase()) ?? "";
-      const isMeaningfulError = messageLower.includes("invalid") || messageLower.includes("not allowed") || messageLower.includes("must") || messageLower.includes("cannot") || messageLower.includes("validation") || messageLower.includes("error") || (errorMessage == null ? void 0 : errorMessage.length) > 15;
+      const errorInfo = this.extractErrorInfo(error);
+      const messageLower = ((_a = errorInfo.message) == null ? void 0 : _a.toLowerCase()) ?? "";
+      const isMeaningfulError = messageLower.includes("invalid") || messageLower.includes("not allowed") || messageLower.includes("must") || messageLower.includes("cannot") || messageLower.includes("validation") || messageLower.includes("error") || (((_b = errorInfo.message) == null ? void 0 : _b.length) ?? 0) > 15;
       return {
         toolName: tool.name,
         testType: "invalid_values",
@@ -44985,7 +44997,8 @@ class ErrorHandlingAssessor extends BaseAssessor {
         expectedError: "Invalid parameter values",
         actualResponse: {
           isError: true,
-          errorMessage,
+          errorCode: errorInfo.code,
+          errorMessage: errorInfo.message,
           rawResponse: error
         },
         passed: isMeaningfulError,
@@ -44994,6 +45007,7 @@ class ErrorHandlingAssessor extends BaseAssessor {
     }
   }
   async testExcessiveInput(tool, callTool) {
+    var _a, _b;
     const largeString = "x".repeat(1e5);
     const testInput = this.generateParamsWithValue(tool, largeString);
     try {
@@ -45020,9 +45034,9 @@ class ErrorHandlingAssessor extends BaseAssessor {
         reason: !isError && !response ? "Tool crashed on large input" : void 0
       };
     } catch (error) {
-      const errorMessage = this.extractErrorMessage(error);
-      const messageLower = (errorMessage == null ? void 0 : errorMessage.toLowerCase()) ?? "";
-      const isMeaningfulError = messageLower.includes("size") || messageLower.includes("large") || messageLower.includes("limit") || messageLower.includes("exceed") || messageLower.includes("too") || messageLower.includes("maximum") || (errorMessage == null ? void 0 : errorMessage.length) > 10;
+      const errorInfo = this.extractErrorInfo(error);
+      const messageLower = ((_a = errorInfo.message) == null ? void 0 : _a.toLowerCase()) ?? "";
+      const isMeaningfulError = messageLower.includes("size") || messageLower.includes("large") || messageLower.includes("limit") || messageLower.includes("exceed") || messageLower.includes("too") || messageLower.includes("maximum") || (((_b = errorInfo.message) == null ? void 0 : _b.length) ?? 0) > 10;
       return {
         toolName: tool.name,
         testType: "excessive_input",
@@ -45030,7 +45044,8 @@ class ErrorHandlingAssessor extends BaseAssessor {
         expectedError: "Input size limit exceeded",
         actualResponse: {
           isError: true,
-          errorMessage,
+          errorCode: errorInfo.code,
+          errorMessage: errorInfo.message,
           rawResponse: "[error details omitted]"
         },
         passed: isMeaningfulError,
@@ -45178,12 +45193,17 @@ class ErrorHandlingAssessor extends BaseAssessor {
     else if (score >= 70) quality = "good";
     else if (score >= 50) quality = "fair";
     else quality = "poor";
-    const hasProperErrorCodes = tests.some(
+    const actualErrors = tests.filter((t) => t.actualResponse.isError);
+    const errorsWithCodes = actualErrors.filter(
       (t) => t.actualResponse.errorCode !== void 0
-    );
-    const hasDescriptiveMessages = tests.some(
+    ).length;
+    const errorsWithMessages = actualErrors.filter(
       (t) => t.actualResponse.errorMessage && t.actualResponse.errorMessage.length > 10
-    );
+    ).length;
+    const hasProperErrorCodes = actualErrors.length === 0 || // If no errors were triggered, we can't assess this
+    errorsWithCodes / actualErrors.length >= 0.5;
+    const hasDescriptiveMessages = actualErrors.length === 0 || // If no errors were triggered, we can't assess this
+    errorsWithMessages / actualErrors.length >= 0.5;
     const validatesInputs = tests.filter((t) => ["missing_required", "wrong_type"].includes(t.testType)).some((t) => t.passed);
     return {
       mcpComplianceScore: score,
@@ -48008,9 +48028,17 @@ class ResponseValidator {
   }
 }
 class TestScenarioEngine {
-  constructor(testTimeout = 5e3) {
+  constructor(testTimeout = 5e3, delayBetweenTests = 0) {
     __publicField(this, "testTimeout");
+    __publicField(this, "delayBetweenTests");
     this.testTimeout = testTimeout;
+    this.delayBetweenTests = delayBetweenTests;
+  }
+  /**
+   * Sleep for specified milliseconds (for rate limiting)
+   */
+  async sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
   }
   /**
    * Test tool with progressive complexity to identify failure points
@@ -48163,6 +48191,9 @@ class TestScenarioEngine {
         callTool
       );
       result.scenarioResults.push(scenarioResult);
+      if (this.delayBetweenTests > 0) {
+        await this.sleep(this.delayBetweenTests);
+      }
       if (scenarioResult.executed) {
         result.scenariosExecuted++;
         if (scenarioResult.validation.isValid) {
@@ -48573,7 +48604,10 @@ class MCPAssessmentService {
    * Enhanced functionality assessment with multi-scenario testing
    */
   async assessFunctionalityEnhanced(tools, callTool) {
-    const engine = new TestScenarioEngine(this.config.testTimeout);
+    const engine = new TestScenarioEngine(
+      this.config.testTimeout,
+      this.config.delayBetweenTests ?? 0
+    );
     const toolResults = [];
     const enhancedResults = [];
     let workingCount = 0;
@@ -50718,6 +50752,30 @@ const AssessmentTab = ({
         ),
         !isLoadingTools && tools.length > 0 && /* @__PURE__ */ jsxRuntimeExports.jsx("p", { className: "text-xs text-muted-foreground", children: "Select which tools to test for error handling (the most intensive tests). All tools are selected by default." })
       ] }),
+      /* @__PURE__ */ jsxRuntimeExports.jsxs("div", { className: "space-y-2", children: [
+        /* @__PURE__ */ jsxRuntimeExports.jsx(Label$1, { htmlFor: "delay-between-tests", children: "Delay between tests (milliseconds)" }),
+        /* @__PURE__ */ jsxRuntimeExports.jsx(
+          Input,
+          {
+            id: "delay-between-tests",
+            type: "number",
+            min: "0",
+            max: "5000",
+            step: "100",
+            value: config.delayBetweenTests ?? 0,
+            onChange: (e) => {
+              const value = parseInt(e.target.value, 10);
+              setConfig({
+                ...config,
+                delayBetweenTests: isNaN(value) ? 0 : value
+              });
+            },
+            disabled: isRunning,
+            placeholder: "0"
+          }
+        ),
+        /* @__PURE__ */ jsxRuntimeExports.jsx("p", { className: "text-xs text-muted-foreground", children: "Add a delay between tests to avoid rate limiting. Recommended: 500-1000ms for rate-limited APIs. Set to 0 for no delay (default)." })
+      ] }),
       /* @__PURE__ */ jsxRuntimeExports.jsxs("div", { className: "space-y-2 border rounded-lg p-4 bg-blue-50 dark:bg-blue-950", children: [
         /* @__PURE__ */ jsxRuntimeExports.jsxs("div", { className: "flex items-center space-x-2", children: [
           /* @__PURE__ */ jsxRuntimeExports.jsx(
@@ -50734,15 +50792,15 @@ const AssessmentTab = ({
           ),
           /* @__PURE__ */ jsxRuntimeExports.jsxs(Label$1, { htmlFor: "domain-testing", className: "cursor-pointer", children: [
             /* @__PURE__ */ jsxRuntimeExports.jsx("span", { className: "font-semibold", children: "Enable Advanced Security Testing" }),
-            /* @__PURE__ */ jsxRuntimeExports.jsx("span", { className: "ml-2 text-xs bg-blue-100 dark:bg-blue-900 text-blue-800 dark:text-blue-200 px-2 py-0.5 rounded", children: "18 Attack Patterns" })
+            /* @__PURE__ */ jsxRuntimeExports.jsx("span", { className: "ml-2 text-xs bg-blue-100 dark:bg-blue-900 text-blue-800 dark:text-blue-200 px-2 py-0.5 rounded", children: "18 Patterns" })
           ] })
         ] }),
         /* @__PURE__ */ jsxRuntimeExports.jsxs("p", { className: "text-xs text-muted-foreground ml-6", children: [
           /* @__PURE__ */ jsxRuntimeExports.jsx("strong", { children: "Basic:" }),
-          " 3 critical patterns (~48 tests).",
+          " 3 common patterns (~48 checks).",
           " ",
           /* @__PURE__ */ jsxRuntimeExports.jsx("strong", { children: "Advanced:" }),
-          " All 18 patterns. Advanced mode tests Direct Command Injection, Role Override, Data Exfiltration, System Commands, Tool Shadowing, Context Escape, and 12+ other attack vectors."
+          " All 18 patterns. Designed to identify potential issues like Direct Command Injection, Role Override, Data Exfiltration, System Commands, Tool Shadowing, Context Escape, and 12+ other common attack vectors."
         ] })
       ] }),
       /* @__PURE__ */ jsxRuntimeExports.jsxs("div", { className: "flex gap-2", children: [
@@ -51857,7 +51915,8 @@ const ErrorTestItem = ({ test }) => {
     {
       className: "text-xs border-l-2 pl-3 py-1",
       style: {
-        borderColor: test.passed ? "rgb(34 197 94)" : "rgb(239 68 68)"
+        borderColor: test.testType === "invalid_values" ? "rgb(234 179 8)" : test.passed ? "rgb(34 197 94)" : "rgb(239 68 68)"
+        // red-500 for FAIL
       },
       children: [
         /* @__PURE__ */ jsxRuntimeExports.jsxs(
@@ -53106,13 +53165,13 @@ const App = () => {
   ) });
   if (window.location.pathname === "/oauth/callback") {
     const OAuthCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthCallback-CLEJW5KO.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthCallback-aV2t2Zmo.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthCallback, { onConnect: onOAuthConnect }) });
   }
   if (window.location.pathname === "/oauth/callback/debug") {
     const OAuthDebugCallback = React.lazy(
-      () => __vitePreload(() => import("./OAuthDebugCallback-B154gAVm.js"), true ? [] : void 0)
+      () => __vitePreload(() => import("./OAuthDebugCallback-Ca01948b.js"), true ? [] : void 0)
     );
     return /* @__PURE__ */ jsxRuntimeExports.jsx(reactExports.Suspense, { fallback: /* @__PURE__ */ jsxRuntimeExports.jsx("div", { children: "Loading..." }), children: /* @__PURE__ */ jsxRuntimeExports.jsx(OAuthDebugCallback, { onConnect: onOAuthDebugConnect }) });
   }

package/client/dist/index.html

@@ -5,7 +5,7 @@
     <link rel="icon" type="image/svg+xml" href="/mcp.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>MCP Inspector</title>
-    <script type="module" crossorigin src="/assets/index-EfKh2svk.js"></script>
+    <script type="module" crossorigin src="/assets/index-DrU0QB6A.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-DYiWOife.css">
   </head>
   <body>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bryan-thompson/inspector-assessment",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Enhanced MCP Inspector with comprehensive assessment capabilities for server validation",
   "license": "MIT",
   "author": "Bryan Thompson <bryan@triepod.ai>",